A bot is a program designed to perform various tasks without human intervention. But what can you do with the army of bots at your disposal? You can infiltrate even more devices, launch a massive cyber attack and destroy entire networks. In this article, we’ll explore what a botnet is and how it works.
What is a botnet?
A botnet (short for “bot network”) is a bunch of infected devices (called “zombies”) that take commands from a hacker. When your computer, tablet, router or smartphone is infected with a particular malware, it can spread it to other devices, making the botnet even bigger. Users usually have no idea that something is wrong with their operating system because all the malicious activity takes place behind the scenes.
Hackers use botnets to maximize their criminal efforts and carry out as many malicious actions as possible. A single hacker relying on a single device has a limited ability to do any damage and make money. However, if a hacker has tens, hundreds, or even tens of thousands of devices performing an action, the attacks have greater reach, power, and are more likely to be successful.
The hackers who create botnets are called botnet originators, in English bot herders. Criminals sometimes rent out their “bot herds” to other hackers, so maintaining and expanding them can pay off even if they don’t launch any attacks themselves. Hackers can also use bots to carry out custom attacks, where someone might order a cyberattack on their competitor, for example.
Types of botnets
- Client-server model – In this model, the network is created and operated by a single server acting as a botmaster. The attacker orchestrates all operations and maintains communication with the infected devices. Each bot connects to the control center to receive instructions and execute new commands. However, the botmaster can be easily detected and its server can be shut down.
- Peer-to-peer model – This type of botnet is decentralized, meaning that no central server is responsible for operations. Each bot can act as a command and control center as well as a client. Even if it manages to stop some bots, it has no impact on the overall network operation. Fighting peer-to-peer botnets is much harder and it is difficult to find the attacker behind them.
Common botnet attacks
Distributed Denial of Service (DDoS)
This type of attack has been growing in popularity in recent years, mainly due to its relative ease of execution and the difficulty of fighting this attack. The principle is that a server running a website is sent a bunch of legitimate requests to view a page, download a file, play a video or whatever else is needed. When there are too many requests, the server stops keeping up with these requests, and the service then seems unavailable to people who actually want to visit the site, so they are denied service.
Hackers don’t actually need to attack the weakness in the encryption or figure out any passwords or accesses. All they need is a botnet large enough to allow a huge number of requests to be sent to the server, thus bringing the server down. Because these requests come from a huge number of locations, it is not possible to simply filter out botnet traffic from real users. There are methods to defend against DDoS attacks, but the typical approach is to wait until the attack simply stops.
There are a variety of reasons for carrying out DDoS attacks:
- Disruption of competitors’ services
- Sabotaging political campaigns
Hacktivism (promoting a political agenda or social change)
- Cyber warfare between countries
- For financial gain
Hackers sometimes extort various services and want to pay them not to carry out DDoS attacks on various institutions or companies. In 2020, several banks and financial institutions in Australia received emails threatening that DDoS attacks would be carried out on them if they did not pay the ransom. These types of threats have become common for many large organisations. If a DDoS attack destroyed their website or application, every minute could mean millions of crowns lost.
An explanation of DDoS can also be found in the video:
Hackers use phishing emails to carry out ransomware attacks, spread spam, steal your personal data or even add your device to their robot army.
Cybersecurity experts say that more than 3 billion phishing emails are sent every day, which wouldn’t be possible without botnets.
Brute force attacks
Hackers use botnets to launch brute force attacks and allow them to penetrate private networks. Botnets can try combinations of commonly used passwords and then send the passwords to attackers, who then work with them to continue attacks or steal private information.